/** * @param PDO $link * @return bool|string */ function process_facebook_login($link) { require_once dirname(__FILE__) . '/' . SYNAPP_CONFIG_DIRNAME . '/facebook_credentials.php'; $fbLoginRedirectUrl = SYNAPP_FB_LOGIN_REDIRECT_URL . (isset($_GET['location']) ? '?location=' . $_GET['location'] : ''); $fbAppId = SYNAPP_FB_APP_ID; $fbAppSecret = SYNAPP_FB_APP_SECRET; $use_password_verify = defined('SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION') && (SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION === true || is_string(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION) && (trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === 'on' || trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === 'true' || trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === '1')) ? true : false; try { if (isset($_SESSION['fb_token'])) { $session = new FacebookSession($_SESSION['fb_token']); } else { FacebookSession::setDefaultApplication($fbAppId, $fbAppSecret); $helper = new FacebookRedirectLoginHelper($fbLoginRedirectUrl); try { $session = $helper->getSessionFromRedirect(); if (isset($session)) { $_SESSION['fb_token'] = $session->getToken(); } else { return $helper->getLoginUrl(array('scope' => 'email')); } } catch (FacebookSDKException $ex) { // When Facebook returns an error return $helper->getLoginUrl(array('scope' => 'email')); } catch (Exception $ex) { // When validation fails or other local issues return $helper->getLoginUrl(array('scope' => 'email')); } } if (isset($session)) { // Logged in $graphObject = (new FacebookRequest($session, 'GET', '/me?fields=id,email,first_name,last_name'))->execute()->getGraphObject(GraphUser::className()); $sql = "SELECT * FROM `users` WHERE fbid = :fbid OR email = :email AND confirmed_email = b'1'"; $stmt = $link->prepare($sql); $stmt->bindValue(':fbid', $graphObject->getProperty('id'), PDO::PARAM_STR); $stmt->bindValue(':email', $graphObject->getProperty('email'), PDO::PARAM_STR); if ($stmt->execute() !== false && $stmt->rowCount() > 0) { $user_array = $stmt->fetch(PDO::FETCH_ASSOC); if ($user_array['active'] == 0) { $_SESSION['login_err'] = 403; return false; } $_SESSION['user_array'] = $user_array; $_SESSION['auth'] = true; $_SESSION['justlogged'] = true; $_SESSION['if_lang'] = $_SESSION['user_array']['interface_language']; $_SESSION['user_count'] = 1; $_SESSION['pass_count'] = 0; $_SESSION['user_array']['missed_logins'] = 0; $time = time(); if (($ip = ip2long($_SERVER['REMOTE_ADDR'])) === false) { $ip = 0; } $sql = "UPDATE users SET recovery = :recovery, missed_logins='0', last_login = :time, ip = :ip WHERE user = :user"; $stmt = $link->prepare($sql); $prng = new synapp\info\tools\passwordgenerator\cryptosecureprng\CryptoSecurePRNG(); $stmt->bindValue(':recovery', $use_password_verify ? password_hash($prng->rand(), SYNAPP_PASSWORD_DEFAULT) : hash("sha256", $prng->rand()), PDO::PARAM_STR); $stmt->bindValue(':time', $time, PDO::PARAM_INT); $stmt->bindValue(':ip', $ip, PDO::PARAM_INT); $stmt->bindValue(':user', $_SESSION['user_array']['user'], PDO::PARAM_STR); if ($stmt->execute() === false) { error_log(var_export($link->errorInfo(), true)); die("Error performing database operation."); } return true; } $rd['user'] = substr(preg_replace("/[^a-zA-Z0-9]+/", "", $graphObject->getProperty('first_name') . $graphObject->getProperty('last_name')), 0, USER_MAXLENGTH); $i = 0; while (user_exist($link, $rd['user'])) { $rd['user'] = substr(preg_replace("/[^a-zA-Z0-9]+/", "", $i . $graphObject->getProperty('first_name') . $graphObject->getProperty('last_name')), 0, USER_MAXLENGTH); $i++; } $rd['pass'] = substr(hash("sha256", $_SESSION['fb_token']), 0, PASS_MAXLENGTH); $rd['pass2'] = $rd['pass']; $rd['ilang'] = $_SESSION['if_lang']; $rd['fbid'] = $graphObject->getProperty('id'); $ea = process_registration_form($link, $rd, true); if ($ea['err'] !== true) { $sql = "UPDATE `users` SET fbid = :fbid, email = :email, confirmed_email = b'1' WHERE user = :user"; $stmt = $link->prepare($sql); $stmt->bindValue(':fbid', $graphObject->getProperty('id'), PDO::PARAM_STR); $stmt->bindValue(':email', $graphObject->getProperty('email'), PDO::PARAM_STR); $stmt->bindValue(':user', $rd['user'], PDO::PARAM_STR); return $stmt->execute() !== false; } return $ea['err'] !== true; } else { header('Location: account/logout.php'); die; } } catch (FacebookSDKException $ex) { // When Facebook returns an error error_log("FacebookRequestException: " . $ex->getMessage()); header('Location: account/logout.php'); die; } catch (Exception $ex) { // When validation fails or other local issues error_log("Exception on facebook login: " . $ex->getMessage()); header('Location: account/logout.php'); die; } }
$resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { // What happens when the CAPTCHA was entered incorrectly $errors = array(); $errors[] = "The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: " . $resp->error . ")"; handle_errors($errors); handle_reposts(); } else { // Recaptcha successful, now onto the rest of the form. // If form does not validate, we need to return with errors. if ($errors = validate_registration_form()) { handle_errors($errors); handle_reposts(); } else { // If errors occur while trying to create user, we need to return with errors. if ($errors = process_registration_form($smarty)) { handle_errors($errors); handle_reposts(); } else { header("Location: pending.php"); } } } } $smarty->assign('page_name', 'Site Registration'); $smarty->assign('recaptcha_html', recaptcha_get_html(RECAPTCHA_PUBLIC_KEY)); // Build the page require 'global_begin.php'; $smarty->display('public/siteregistration.tpl'); require 'global_end.php'; /*